| Internet use, in general, and online social networking sites, in particular, are experiencing tremendous growth with hundreds of millions of active users. As a result, there is a tremendous amount of privacy information and content online. Protecting this information is a challenge. Access control policy composition is complex, laborious and tedious for the average user. Usable access control frameworks have lagged. Acceptance / use of available frameworks is low. As a result, policies are only partially configured and maintained. Or, they may be all together ignored. This leads to privacy information and content not being properly protected and potentially unknowingly made available to unintended recipients.;We overcome these limitations by introducing User Centric Policy Management - a new paradigm of semi-automated tools that aid users in building, recommending and maintaining their online access control policies. We introduce six user centric policy management assistance tools: Policy Manager is a supervised learning based mechanism that leverages user provided example policy settings to build classifiers that are the basis for auto-generated policies. Assisted Friend Grouping leverages proven clustering techniques to assist users in grouping their friends for policy management purposes. Same-As Subject Management leverages a user's memory and opinion of their friends to set policies for other similar friends. Example Friend Selection provides different techniques for aiding users in selecting friends used in the development of access control policies. Same-As Object Management leverages a user's memory and perception of their objects for setting policies for other similar objects. iLayer is a least privilege based access control model for web and social networking sites that builds, recommends and enforces access control policies for third party developed applications.;To demonstrate the effectiveness of these policy management assistance tools, we implemented a suite of prototype applications, conducted numerous experiments and completed a number of extensive user studies. The results show that User Centric Policy Management is a more usable access control framework that is effective, efficient and satisfying to the user, which ultimately improves online security and privacy. |
